Before I ask more detailed questions, I wanted to know if I really need to edit the /etc/pam.d files presuming that I've modified my /etc/nsswitch.conf file?
If so, then when I tried those modifications, I couldn't figure out how to get reasonable behavior. If you have auth sufficient pam_ldap.so auth required pam_unix_auth.so try_first_pass then if the entry is found in ldap, pam returns and you never execute things like motd, etc. which is not what you want. Presuming that setting up /etc/nsswitch.conf is sufficient, I still can't get things to work. If I try to log in as a normal (non-ldap) user, everything's fine, and I can see that it's asking the ldap server for the user and getting no answer (as an aside, it looks like it's asking the ldap server for a bunch of fields that the MigrationTools didn't create (shadowmax, shadowmin, etc)). Then it lets that user log in as usual based on their shadow passwd entry. However, if I try to log in as stray (which is the user that has no shadow passwd/group entry, but has an ldap entry), it never even asks the ldap server, it just fails. If I try su instead, I get "su: problem establishing PAM_RUSER" also with no attempt to contact the ldap server. I think I got my pam_ldap.conf right -- the relevant lines should be: base ou=People,dc=localnet pam_filter objectclass=account My nsswitch.conf reads as indicated in the libnss-ldap readme: passwd: files nis ldap group: files nis ldap shadow: files nis ldap (I didn't know about shadow, but I presumed it should be the same as the others). And I can tell that the entry for stray is in the ldap database because I can see it with ldapsearch: $ ldapsearch -h localhost -v -b ou=People,dc=localnet "(& (uid=stray) (objectclass=account))" ldap_init( localhost, 0 ) filter pattern: (& (uid=stray) (objectclass=account)) returning: ALL filter is: ((& (uid=stray) (objectclass=account))) uid=stray,ou=People,dc=localnet uid=stray cn=stray objectclass=top objectclass=account objectclass=posixAccount loginshell=/bin/bash uidnumber=1008 gidnumber=1008 homedirectory=/home/stray gecos=,,, 1 matches Any help would be appreciated. -- Rob Browning <[EMAIL PROTECTED]> PGP=E80E0D04F521A094 532B97F5D64E3930
